Re: [PATCH] Fix Kernel Panic in bonding driver debugfs file: rlb_hash_table

From: Andy Gospodarek
Date: Wed Apr 29 2015 - 14:51:23 EST

Next message: Fabian Frederick: "[RFC 1/1 linux-next] gfs2: convert simple_str to kstr"
Previous message: Andy Lutomirski: "Re: [RFC] x86, perf: Add an aperfmperf driver"
In reply to: Pai: "[PATCH] Fix Kernel Panic in bonding driver debugfs file: rlb_hash_table"
Next in thread: David Miller: "Re: [PATCH] Fix Kernel Panic in bonding driver debugfs file: rlb_hash_table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 29, 2015 at 02:24:23PM -0400, Pai wrote:
> This patch fixes a Kernel Panic in bonding driver debugfs file: rlb_hash_table.
>
> $> modprobe bonding mode=6
> $> cat /sys/kernel/debug/bonding/bond0/rlb_hash_table
>
> This will crash the kernel. The struct alb_bond_info is initialized only when
> the bonding interface is initialized (ip link set bond0 up) and not at the time
> it is allocated. If we try to read the table before that, it'll result in a
> kernel panic.

Nice catch!

>
> The patch applies against both net and net-next
>
> Signed-off-by: Vishwanath Pai <vpai@xxxxxxxxxx>

Signed-off-by: Andy Gospodarek <gospo@xxxxxxxxxxxxxxxxxxx>

>
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 089a402..806892a 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -4510,6 +4510,8 @@ unsigned int bond_get_num_tx_queues(void)
> int bond_create(struct net *net, const char *name)
> {
> struct net_device *bond_dev;
> + struct bonding *bond;
> + struct alb_bond_info *bond_info;
> int res;
>
> rtnl_lock();
> @@ -4523,6 +4525,14 @@ int bond_create(struct net *net, const char *name)
> return -ENOMEM;
> }
>
> + /*
> + * Initialize rx_hashtbl_used_head to RLB_NULL_INDEX.
> + * It is set to 0 by default which is wrong.
> + */
> + bond = netdev_priv(bond_dev);
> + bond_info = &(BOND_ALB_INFO(bond));
> + bond_info->rx_hashtbl_used_head = RLB_NULL_INDEX;
> +
> dev_net_set(bond_dev, net);
> bond_dev->rtnl_link_ops = &bond_link_ops;
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Fabian Frederick: "[RFC 1/1 linux-next] gfs2: convert simple_str to kstr"
Previous message: Andy Lutomirski: "Re: [RFC] x86, perf: Add an aperfmperf driver"
In reply to: Pai: "[PATCH] Fix Kernel Panic in bonding driver debugfs file: rlb_hash_table"
Next in thread: David Miller: "Re: [PATCH] Fix Kernel Panic in bonding driver debugfs file: rlb_hash_table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]